From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Thu, 25 Jul 2013 17:30:50 +0000 (+0100)
Subject: udp.c: Do not send NAKs in response to NAKs
X-Git-Tag: debian/0.3.0_beta2~22
X-Git-Url: https://git.distorted.org.uk/~mdw/secnet/commitdiff_plain/bf28fc736c33aa8b26b3c3267cf4c3b33e69c4a5?hp=bf28fc736c33aa8b26b3c3267cf4c3b33e69c4a5

udp.c: Do not send NAKs in response to NAKs

If an incoming packet isn't name-addressed and has an invalid
destination site id, udp.c would send a NAK.  This is not a good idea
- if somehow the source site id was wrong too, it will result in a NAK
storm.

This is a security vulnerability as it can be used by an attacker to
trigger an unending NAK storm.

Also, improve the message printed when a NAK is sent by udp.c because
no site wanted to handle it.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---